<?php 
    require_once("./include/bm_config.php");
    require_once("./include/funcs.php");
    header("Content-type: text/html; charset=utf-8"); 
	$vcode=trim($_POST['vcode']);
    if($BM_VCODE&&($vcode!= $_SESSION["vcode"]||$vcode==""||$vcode==null) )
    {
		echo "<script language='javascript'>\n";
		echo "alert('验证码错误!');\n";
		echo "history.go(-1);\n";
		echo "</script>";
		exit(0);
    }
	require_once("./include/login.php");
    $user_id=$_POST['user_id'];
	$user_password=$_POST['user_password'];
   if (get_magic_quotes_gpc ()) {
        $user_id= stripslashes ( $user_id);
        $user_password= stripslashes ( $user_password);
   }
    $sql="SELECT `rightstr` FROM `cr_privilege` WHERE `user_id`='".mysql_real_escape_string($user_id)."'";
    $result=mysql_query($sql);
	$login=check_login($user_id,$user_password);
	
	if ($login)
    {
		$_SESSION['user_id']=$login;
		
		echo mysql_error();
		while ($result&&$row=mysql_fetch_assoc($result))
			$_SESSION[$row['rightstr']]=true;
		echo "<script language='javascript'>\n";
		echo "history.go(-2);\n";
		echo "</script>";
	}else{
		
    
		echo "<script language='javascript'>\n";
		echo "alert('用户名或密码错误!');\n";
		echo "history.go(-1);\n";
		echo "</script>";
	}
?>
